package com.beiding.pojo.auth;


import com.beiding.service.Authorities;
import com.beiding.utils.RegexUtils;
import com.google.common.collect.Sets;
import lombok.Getter;
import lombok.Setter;
import org.springframework.data.annotation.Id;
import org.springframework.data.mongodb.core.mapping.Document;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.password.PasswordEncoder;

import javax.validation.constraints.Pattern;
import java.util.Set;

/*

    该类是用户的本地序列化对象.也可以理解为用户的代理对象

 */


@Document
@Getter
@Setter
public class User extends AbstractUser implements UserDetails {

    private static final long serialVersionUID = 1L;

    @Id
    @Pattern(regexp = RegexUtils.USERNAME_REGEX, message = "由字母数字组成且字母开头,5至12位")
    private String username;

    @Pattern(regexp = RegexUtils.PASSWORD_REGEX, message = "由字母数数字组成,5至15位")
    private String password;

    @Pattern(regexp = RegexUtils.EMAIL_REGEX, message = "格式错误")
    private String email;

    private Set<GrantedAuthority> authorities;

    private boolean accountNonExpired;

    private boolean accountNonLocked;

    private boolean credentialsNonExpired;

    private boolean enabled;

    private String incompleteEmail;

    @Override
    public void setUsername(String username) {
        super.username = username;
        this.username = username;
    }

    @Override
    public boolean isAccountNonExpired() {
        return accountNonExpired;
    }

    @Override
    public boolean isAccountNonLocked() {
        return accountNonLocked;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return credentialsNonExpired;
    }

    @Override
    public boolean isEnabled() {
        return enabled;
    }

    //User对象初始化
    public void afterSetProperties(PasswordEncoder passwordEncoder) {
        accountNonExpired = accountNonLocked = credentialsNonExpired = enabled = true;

        password = passwordEncoder.encode(password);

        authorities = Sets.newHashSet(Authorities.USER);
        //对邮件进行保密处理
        // 前面留一位,@及其之后的保留
        String[] split = email.split("@");
        incompleteEmail = split[0].substring(0, 1);
        for (int i = 1; i < split[0].length(); i++) {
            incompleteEmail += "*";
        }
        incompleteEmail += "@" + split[1];
    }


    public org.springframework.security.core.userdetails.User user() {
        return new org.springframework.security.core.userdetails.User(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
    }

}



/*

    权限管理结构:

        两大基础权限:
                1.权限结构制定权限:能够管理权限树,增删改节点.只有admin拥有

                2.授权权限:该权限决定该用户能否给其他用户授予他所具有权限的子权限.该权限由admin授予
                        同时,具有该权限的用户能够收回他所赋予的用户的权限


       权限依附机制:
                权限不能脱离其授予者单独存在,如果权限授予者失去了授权权限那么他所赋予权限的用户将失去他所赋予的权限.
                再或者权限授予者的权限等级降低,那么他所赋予的其他用户的与他等级降低之后的同等级及其之上的权限将全部失效


       权限转移:
                当一个用户的权限变动时,那些依附他的权限将失效,此时可以指定新的依附者.



        授权三级结构:

                admin->可授权用户->被授权用户





     权限实体:

            权限是一个资源,具有持有者以及依附者两大属性




 */

